Monday, June 13, 2011

Transfer FSMO Roles 2008 R2 Domain Controller

I have an Active Directory domain that's used exclusively for monitoring. The domain was running a single 2008 SP2 32-bit domain controller. Tonight I introduced the first 2008 R2 domain controller and wanted to transfer all the FSMO roles to this server. In previous versions, if you wanted to transfer the Schema Master role you could use the AD Schema snap-in. Prior to launching the ADS snap-in you would first have to register the schmmgmt.dll. This is a 32-bit command and cannot be used on R2 domain controllers, so I decided to use NTDSUTIL instead.

First log into the domain controller you want to hold the roles, launch a command prompt, start ntdsutil, and enter the following (the text before each colon is the prompt ntdsutil displays):

ntdsutil:  roles
fsmo maintenance: connections
server connections:  connect to server "domain controllers hostname"

You will now have confirmation of the connection to the server.

server connections:  quit

Now you are ready to transfer the FSMO roles.

fsmo maintenance:  transfer schema master
fsmo maintenance:  transfer rid master
fsmo maintenance:  transfer infrastructure master
fsmo maintenance:  transfer pdc
fsmo maintenance:  transfer naming master ("domain" not included when running from a 2008 DC)

You have now transferred all the FSMO roles to your 2008 R2 domain controller and can exit ntdsutil:

fsmo maintenance:  quit
ntdsutil: quit

To confirm that all FSMO roles have transferred to your desired destination, run the following:

C:\users\admin>netdom query fsmo

Schema master     
Domain naming master
RID pool manager 
Infrastructure master
The command completed successfully.
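
As an added example (not part of the original post), the PowerShell script below checks all five role holders against the DC you intended and flags any role that did not move, and it also checks the Schema Admins membership that the schema master transfer needs. It assumes the ActiveDirectory module is available (it ships with 2008 R2); the default host name in $ExpectedHolder is a made-up placeholder.

```powershell
# Added example: confirm every FSMO role landed on the intended DC.
param(
    # Hypothetical placeholder: FQDN of the DC that should now hold all roles.
    [string]$ExpectedHolder = 'dc02.monitor.example'
)

Import-Module ActiveDirectory -ErrorAction Stop

function Test-SchemaAdmin {
    # True when the current logon token carries Schema Admins (well-known RID 518).
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    [bool]($me.Groups | Where-Object { $_.Value -like 'S-1-5-21-*-518' })
}

function Get-FsmoRoleReport {
    param([string]$Expected)

    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Two forest-wide roles followed by three domain-wide roles.
    $holders = @{
        'Schema master'         = $forest.SchemaMaster
        'Domain naming master'  = $forest.DomainNamingMaster
        'PDC'                   = $domain.PDCEmulator
        'RID pool manager'      = $domain.RIDMaster
        'Infrastructure master' = $domain.InfrastructureMaster
    }

    foreach ($role in $holders.Keys) {
        New-Object PSObject -Property @{
            Role   = $role
            Holder = $holders[$role]
            Match  = ($holders[$role] -ieq $Expected)   # case-insensitive FQDN compare
        }
    }
}

if (-not (Test-SchemaAdmin)) {
    Write-Warning 'Current token lacks Schema Admins, which the schema master transfer needs.'
}

$report = @(Get-FsmoRoleReport -Expected $ExpectedHolder)
$report | Sort-Object Role | Format-Table Role, Holder, Match -AutoSize

# Any role still held elsewhere means the transfer is incomplete.
$stale = @($report | Where-Object { -not $_.Match })
if ($stale.Count) {
    Write-Warning "$($stale.Count) role(s) are not on $ExpectedHolder"
    exit 1
}
```

Run it from an elevated PowerShell prompt on the new DC after leaving ntdsutil; a non-zero exit code means at least one role is still held by another server.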


  1. I was very pleased to find this site. I wanted to thank you for this great read!! I am definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post.

  2. Thanks for making it so easy to follow

  3. You are master, the "official" procedure is officially a PITA. Thank you.

  4. Thank you very much! You are indeed a master of your direct to the core!

  5. When you're logged into the DC that you want to transfer the roles to and run the above commands, in the line 'server connections: connect to server "domain controllers hostname"', "domain controllers hostname" is the name of the server you're on, not the name of the other DC.

    Also, make sure your login account is part of the Schema Admins group.